Bug 245284 - www/apache24: Security Update to 2.4.43
Summary: www/apache24: Security Update to 2.4.43
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Many People
Assignee: freebsd-apache mailing list
URL:
Keywords: security
Depends on:
Blocks:
 
Reported: 2020-04-02 14:06 UTC by Pascal Christen
Modified: 2020-04-02 14:24 UTC (History)
1 user (show)

See Also:
bugzilla: maintainer-feedback? (apache)


Attachments
Apache Update to 2.4.43 (647 bytes, patch)
2020-04-02 14:06 UTC, Pascal Christen
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Pascal Christen 2020-04-02 14:06:21 UTC
Created attachment 212981 [details]
Apache Update to 2.4.43

Changes with Apache 2.4.43

  *) SECURITY: CVE-2020-1934 (cve.mitre.org)
     mod_proxy_ftp: Use of uninitialized value with malicious backend FTP
     server. [Eric Covener]

  *) SECURITY: CVE-2020-1927 (cve.mitre.org)
     rewrite, core: Set PCRE_DOTALL flag by default to avoid unpredictable
     matches and substitutions with encoded line break characters.
     The fix for CVE-2019-10098 was not effective.  [Ruediger Pluem]

  *) mod_ssl: Fix memory leak of OCSP stapling response. [Yann Ylavic]


https://downloads.apache.org//httpd/CHANGES_2.4.43
Comment 1 Pascal Christen 2020-04-02 14:24:26 UTC
Revision 530372 - (show annotations) (download)
Thu Apr 2 14:05:13 2020 UTC (18 minutes, 8 seconds ago) by joneum
File MIME type: text/plain
File size: 7993 byte(s)
Update to 2.4.43

Got updated at the same time as I opened the issue